(57) Abstract

The invention relates to a safety device for diagnostic terminals (3) in distributed computer networks (8) containing at least two nodes and a common communication bus (10a, 10b) for the computer network, preferably implemented in vehicles. The diagnostic terminal enables connection of external diagnostic equipment (1) to different nodes (20a, 20b, 20c) within the computer network. A signal evaluation circuit (12) arranged in the computer network can detect the signal state at the contact pin or pins (3a, 3b) of the diagnostic terminal that connect the diagnostic equipment to the communication bus. A predetermined signal state indicates an authorised connection of diagnostic equipment (1), and only after an authorised connection is a direct connection to the communication bus (10a, 10b) established via a relay function (13, 14a, 14b). No additional contact pins are needed in the diagnostic terminal (3) in order to control a selective connection between the communication bus and the diagnostic equipment (1). Improved protection against unauthorised access and external disturbances from the diagnostic terminal is obtained.
SAFETY DEVICE FOR DIAGNOSTIC TERMINALS IN DISTRIBUTED COMPUTER NETWORKS

The present invention relates to a safety device for diagnostic terminals in distributed computer networks, preferably implemented in vehicles, where the diagnostic terminal enables direct access to communication buses transmitting information between distributed nodes within the computer network during operation thereof.

BACKGROUND OF THE INVENTION 

Vehicles are nowadays more frequently equipped with distributed computer networks with numerous nodes monitoring different functions in the vehicle, where communication between all nodes is obtained using a common communication bus. The communication is preferably implemented in digital form with messages transmitted serially on the communication bus. Each message contains an address, also designated as identifier, and data to be transmitted to the respective node or nodes having the dedicated address. In certain types of general messages the address could be missing.

Performing a diagnostic routine of essential functions and collecting any fault messages stored in the nodes requires a possibility to connect external diagnostic equipment to the system arranged in the vehicle. The diagnostic equipment could in that respect include an interface having a communication protocol compatible with the communication bus, which enables transmission and reception of messages on the communication bus arranged in the vehicle. In order to obtain a thorough diagnosis, an activation of node functions, using the communication bus, could be needed.

In order to be able to connect the diagnostic equipment to the communication bus, a diagnostic terminal is needed in the vehicle, said terminal establishing connection at least to the communication bus and preferably also to other systems in the vehicle. This diagnostic terminal is conventionally realised by a multi-contact plug, where a limited number of contact pins of the multi-contact plug are connectable to the communication bus. The remaining contact pins are used for monitoring or controlling other functionalities within the vehicle, which are not controlled or managed by the nodes connected to the communication bus.

In certain types of vehicle systems dedicated nodes have been implemented, i.e. Gateway-nodes, which connect the diagnostic terminal to the communication link. Gateway-nodes of this kind often include functions able to convert data from the diagnostic equipment, sent according to a specific communication protocol used by the diagnostic equipment, to the communication protocol of the communication bus, and vice versa. Such Gateway-nodes often impose some restrictions on the form or type of data to be transmitted between the diagnostic equipment and the nodes arranged in the vehicle.

In order to avoid these expensive Gateway-nodes, the diagnostic equipment could instead be connected directly to the communication bus in the vehicle. With the purpose of reducing the introduction of disturbances to the communication bus, it has been proposed to use a dedicated contact pin in the multi-pin plug as an activator which could selectively unlock direct access to the communication bus. This requires an increase in the number of contact pins in the diagnostic terminal, which results in increased cost and an additional potential source of error.



SUMMARY OF THE INVENTION 

The object of the invention is to prevent short-circuiting of the communication bus used in distributed computer networks if contact pins in a diagnostic terminal connected to the communication bus should be short-circuited. The invention should also prevent misapplication of voltages and other disturbances on the communication bus via the diagnostic terminal. Short-circuiting, incorrect voltages or other disturbances applied on the communication bus during operation of the vehicle could cause essential functions to cease to operate, which as an example could lead to the engine being shut down.

Another object is to reduce the number of required contact pins in the diagnostic terminal.

Yet another object is to obtain protection against unauthorised access via the diagnostic terminal to the communication bus in distributed computer networks.



SHORT DESCRIPTION OF THE INVENTION

The inventive safety device is distinguished by the characterising part of claim 1.
With the inventive safety device, improved protection against unauthorised access via the diagnostic terminal to the communication bus can be obtained, and at the same time the number of contact pins in the diagnostic terminal can be reduced, which improves the reliability of the distributed computer network and reduces potential sources of error during operation of the computer network or during initiation of a diagnostic routine.

Other distinguishing features and advantages of the invention are evident from the characterising part of the dependent claims and the following description of preferred embodiments. The description of embodiments is made by reference to the figures specified in the following list of figures.

LIST OF FIGURES 

Figure 1 shows schematically a distributed computer network, and external diagnostic equipment connectable to the computer network via a diagnostic terminal;

Figure 2 corresponds to figure 1, but with the diagnostic equipment connected to the communication bus in the computer network;

Figure 3 shows a first embodiment of circuits by which direct access to the communication bus could be obtained;

Figure 4 shows a second embodiment of circuits by which direct access to the communication bus could be obtained;

Figure 5 shows an embodiment where the power supply to the diagnostic equipment is obtained via the diagnostic terminal.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

Figure 1 shows schematically a distributed computer network 8, preferably implemented in a vehicle, which computer network includes a plurality of nodes 20a-20c using a common communication bus 10a, 10b for communication.

In an implementation in motor vehicles the nodes could correspond to a gearbox node, an ignition system node, a fuel system node or a brake system node, the latter preferably the ABS-system for the vehicle (ABS = Anti Blocking System for brakes).

The communication on the communication bus 10a, 10b is executed serially and in digital form according to a defined communication protocol. Preferably a CAN protocol (CAN = Controller Area Network) corresponding to the standard ISO 11898:1993 is used, which protocol supports real-time control and multiplex transmission. Other similar types of communication protocol could also be used, such as SAE J1850, or other protocols compatible with ISO 11519.

Figure 1 shows a communication bus 10a, 10b implemented as a differentiated dual wire according to the standard ISO 11898:1993 (see section 10.5). This type of differentiated dual wire includes a terminating resistor 11 between the dual wires 10a, 10b. Differentiated dual wires are used in order to reduce sensitivity to noise and disturbances. In the initial state both wires in the differentiated dual wire are set at a substantially similar voltage level, and during transition to a dominant state, conventionally representing a logic "0", the potential of one wire is reduced while the potential of the other wire is increased. Any external disturbances affect both wires in a similar manner, and thus could not affect the logical representation present on the communication bus. Transmission rates up to a couple of hundred kbit per second could be used, and the transmission rate used is dictated by the response requirements on the system.

The power supply in the vehicle is obtained from a battery 32, which battery is supplying power to 
the nodes via the ignition switch 31. 

In order to enable a proper diagnosis of the computer network and the nodes thereof, a diagnostic terminal 3 is available, having a first set of contact pins 3a, 3b connectable to each wire in the communication bus 10a, 10b. The diagnostic routine requires external diagnostic equipment, i.e. a diagnostic unit 1, having a diagnostic connector 2 including a second set of contact pins 2a, 2b compatible with the first set of contact pins. When the diagnostic connector 2 is connected, the first and second sets of contact pins are connected, i.e. 2a with 3a and 2b with 3b.

The diagnostic equipment 1 could have an integrated power supply 4, but could also in a conventional manner obtain power supply through dedicated contact pins in the diagnostic connector 2 and the diagnostic terminal 3, which connect to power supply 30 within the vehicle, as shown in figure 5.

The diagnostic connector 2 and terminal 3 preferably include a number of contact pins for a plurality of other functionalities within the vehicle. In a conventional manner a plurality of contact pins are gathered in one and the same connector/terminal, and up to an additional 20 contact pins besides the contact pins for the communication bus could exist. However, in figure 1 only the contact pins 2a, 2b and 3a, 3b for the communication bus 10a, 10b are shown.

Figure 2 shows the distributed computer network 8 with external diagnostic equipment 1 fully connected with direct access to the communication bus 10a, 10b in the computer network 8.

According to the invention, relay switches 14a, 14b controlled by a relay 13 are implemented. The relay 13 is controlled by a signal evaluation circuit 12, which is able to detect the signal state on at least one of the contact pins 3a or 3b of the diagnostic terminal 3. When a predetermined signal state is present at the contact pin, the signal evaluation circuit is capable of activating the relay 13 in order to close the contacts 14a, 14b. The signal evaluation circuit 12 is connected to power supply 30, which, in a similar manner to that of the nodes, is connected when the ignition switch 31 is closed.

Figure 3 shows a first embodiment of a fundamental design of the signal evaluation circuit 12 and of the signal transmitting circuits needed in the diagnostic equipment in order to control the signal evaluation circuit 12 such that the relay 13 could be activated and close the relay contacts 14a, 14b.

In this embodiment an interface 5 for the communication bus is integrated with the diagnostic equipment, which interface also has the capability of activating a relay 6, or any compatible switching device of a semiconductor design. When the relay 6 closes the relay contact 6a, a specific voltage is applied on one of the wires of the communication bus, in figure 3 wire 10b. The relay could preferably be activated by the interface 5 with a short pulse having a duration within the range from a couple of microseconds up to some tens of milliseconds.

By voltage division using resistors 7a, 7b a voltage pulse adapted to the communication bus 10a, 10b is obtained. This voltage pulse is preferably adapted in such a manner that the pulse is unique and different in relation to any normal communication on the communication bus. As an example, CAN H (in figure 3 corresponding to 10b) in a differentiated communication bus could be specified to a voltage up to 7.0 volts, where correct messages never contain more than 8 consecutive bits having the same logical representation. The technique used in order to restrict the number of consecutive bits having the same logical representation is designated the "bit-stuffing" technique, and is implemented by each sending node before a message is sent on the communication bus.

The initiating pulse activating the relay could therefore be given a potential in the order of 8.0 volts and a pulse duration exceeding that of 9 bits, preferably a duration within the range 10-15 bits. Nodes connected to the communication bus could thus detect a faulty message, and would as a consequence not be affected if the initiating pulse should be sent on the communication bus.

The signal evaluation circuit 12, which is able to detect the specific initiating pulse, includes two comparators 15 and 16, each obtaining an individual reference voltage via the voltage dividing net 17a-17b-17c. The first reference voltage is obtained between resistors 17a and 17b and could preferably correspond to a voltage level of 8,5 volt. The comparator 15 will thus supply an output signal if the voltage level exceeds 8,5 volt.

The second reference voltage is obtained between resistors 17b and 17c and could preferably correspond to a voltage level of 7,5 volt. The comparator 16 will thus supply an output signal if the voltage level exceeds 7,5 volt.

The outputs from comparators 15 and 16 are connected to the inputs of an XOR-circuit (XOR = Exclusive OR) 18, with the result that the XOR-circuit will issue an output when only one (1) of the inputs of the XOR-circuit, i.e. one of the outputs from comparators 15 and 16, is in an active output state.

The reference voltages for the comparators in the example above are selected for an initiating pulse having a potential of 8 volt. If any other voltage level is selected, each reference voltage should also be modified in a similar manner.

The state of the XOR-circuit, dependent on the voltage level on the wire U10b of the communication bus, with an initiating pulse at a voltage level of 8 volt and reference voltages according to the example above, is shown in the following state diagram:



| Output, comparator 15 | Output, comparator 16 | Output XOR | Comments                   |
| 0                     | 0                     | 0          | U10b < 7,5 volt            |
| 1                     | 1                     | 0          | U10b > 8,5 volt            |
| 0                     | 1                     | 1          | 7,5 volt < U10b < 8,5 volt |



In order to obtain a functionality where an initiating pulse of short duration could activate the relay 13, and maintain the relay closed until power supply via 30 is interrupted, a monostable flip-flop 19 is used. One input of the flip-flop 19 is connected to the output of the XOR-circuit, and the other input is connected to power supply 30 via an inverter.

The output from the flip-flop 19, UT19, is shown in the following state diagram:



| U30 | XOR | UT19 | Comments                                                       |
|     | 1   | 1    | ignition switch activated and initiating pulse activates relay |
|     | 0   | 0    | ignition switch deactivated & without initiating pulse         |
| 0   | 0   | 1/0  | maintain state                                                 |
| 1   | 1   |      | Not defined state*                                             |



* = Without the ignition switch activated, the initiating pulse could not activate the relay.

The functionality obtained is that the ignition switch must connect the computer network, and consequently also the signal evaluation circuit 12, to power supply, and an initiating pulse issued after connection to power supply would activate the relay 13 and thus close the contacts 14a, 14b. The relay 13 will be kept in an activated state, i.e. with contacts closed, as long as the computer network is connected to power supply via the ignition switch 30 and if an initiating pulse has been issued. As soon as the ignition switch 31 disconnects the power supply the relay 13 will be deactivated. In order to stabilise the circuit such that disturbances, i.e. voltage spikes etc. at wire 10b, would not activate the relay 13, a capacitor could be connected to the output of the XOR-circuit 18.
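
The window detection and latching behaviour described above for figure 3, as a C model added here for illustration; it is not part of the patent text. Assumptions: the bus is sampled once per bit time, the capacitor on the XOR output is modelled as a minimum of 10 consecutive in-window bit times, the trace voltages are constructed, and all identifiers are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Reference voltages from the description (taps of divider 17a-17b-17c). */
#define REF_HIGH_V 8.5 /* comparator 15 */
#define REF_LOW_V  7.5 /* comparator 16 */
/* Assumption: the capacitor on the XOR output is modelled as a minimum
 * number of consecutive in-window bit times; 10 is the low end of the
 * 10-15 bit pulse duration given in the description. */
#define MIN_PULSE_BITS 10u

typedef struct {
    unsigned in_window_bits; /* consecutive bit times with XOR 18 active */
    bool relay_closed;       /* flip-flop 19 output driving relay 13 */
} eval_circuit;

/* Comparators 15 and 16 feeding XOR 18: active only inside the window. */
static bool xor_output(double u10b)
{
    bool c15 = u10b > REF_HIGH_V;
    bool c16 = u10b > REF_LOW_V;
    return c15 != c16;
}

/* Advance the model by one bit time and return the relay state. */
static bool eval_step(eval_circuit *c, bool ignition_on, double u10b)
{
    if (!ignition_on) { /* supply 30 removed: latch cleared, contacts open */
        c->in_window_bits = 0;
        c->relay_closed = false;
        return false;
    }
    if (xor_output(u10b)) {
        if (c->in_window_bits < MIN_PULSE_BITS)
            c->in_window_bits++;
        if (c->in_window_bits == MIN_PULSE_BITS)
            c->relay_closed = true; /* stays set until ignition off */
    } else {
        c->in_window_bits = 0; /* spike shorter than the filter time */
    }
    return c->relay_closed;
}

/* Hold one voltage on wire 10b for `bits` bit times. */
static bool eval_hold(eval_circuit *c, bool ignition_on, double u10b,
                      unsigned bits)
{
    bool closed = c->relay_closed;
    for (unsigned i = 0; i < bits; i++)
        closed = eval_step(c, ignition_on, u10b);
    return closed;
}

int main(void)
{
    eval_circuit c = {0, false};
    /* Constructed trace: bus levels, a short spike, a misapplied 12 V,
     * then the 8 V initiating pulse, then ignition off. */
    printf("bus traffic 3.5 V : %d\n", eval_hold(&c, true, 3.5, 20));
    printf("3-bit 8 V spike   : %d\n", eval_hold(&c, true, 8.0, 3));
    printf("12 V misapplied   : %d\n", eval_hold(&c, true, 12.0, 30));
    printf("12-bit 8 V pulse  : %d\n", eval_hold(&c, true, 8.0, 12));
    printf("back to traffic   : %d\n", eval_hold(&c, true, 3.5, 20));
    printf("ignition off      : %d\n", eval_hold(&c, false, 3.5, 1));
    return 0;
}
```

A voltage above the upper reference never closes the relay, which is the property that keeps a misapplied battery voltage at the terminal off the bus.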


The embodiment of the circuitry shown in figure 3 is only one solution out of many conceivable embodiments. In another embodiment the XOR-circuit could be replaced by an AND-circuit, with the inputs of the comparator 15 switched such that the reference voltage obtained between resistors 17a-17b is instead connected to the + input of the comparator. In yet another embodiment the comparators 15 and 16 could be replaced by a compatible IC-circuit, for example LM319 (dual voltage comparator) or LM339 (quad voltage comparator), manufactured by Philips.

Figure 4 shows a second embodiment of a fundamental design of the signal evaluation circuit 12, and of the signal transmitting circuits of the diagnostic equipment needed to control the signal evaluation circuit 12, obtaining a compatible relay function using semiconductor devices.

In this embodiment only a conventional interface 5' for the communication bus is used in the diagnostic equipment. As initiating pulse a specific message for activation is used, which activation message is given a unique configuration different from any normal message. Such a message could as an example have at least 10-15 consecutive bits with identical digital representation, i.e. without application of the "bit-stuffing" technique on the message. This message could hereby be detected by the nodes as a "faulty" message and could as a consequence not affect the functionality of the nodes.

The signal evaluation circuit 12 includes a conventional CAN interface 21 for a differentiated dual wire, as an example realised by a circuit corresponding to "Philips 82C250".

Detection of an initiating message could be made in a customised IC-circuit 22, and initiating messages could be stored in a non-volatile memory 23. When the circuit 22 detects that the initiating message transmitted on the communication bus matches the initiating message stored in the memory 23, the output 33 is activated and the semiconductor switches 13b and 13c are set to a closed condition.

It is important in both embodiments shown in figures 3 and 4 that the relay functions 13, 14a, 14b and 13c, 13b respectively, or any compatible relay function, offer a low-resistance connection between the diagnostic equipment 1 and the communication bus. The relay function could be realised by mechanical relays or analogue relays in a semiconductor design, which do not affect the normal communication to any significant extent.

According to the invention the evaluation function 12 shall be integrated in the distributed computer network, and preferably integrated in the diagnostic terminal as such, forming one single unit.

With the embodiment shown in figure 4 a sophisticated authorisation code could constitute the initiating message. Such an implementation offers improved protection against unauthorised access to the communication bus in comparison with the embodiment shown in figure 3, which only demands a specific voltage level applied on either of the wires 10a, 10b.

The embodiment shown in figure 3 could however improve authorised access control by implementation of a signal evaluation circuit capable of detecting a predetermined sequential pulse train. Such a pulse train, generated by the diagnostic equipment, could by way of example be formed by a number of pulses at the required voltage level, each individual pulse having a predetermined duration, and each pulse being separated by a time gap having a predetermined duration.
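
A recogniser for the pulse train described above, added here as an example and not taken from the patent text: it extends the voltage-window check of figure 3 to verify pulse count, pulse duration and gap duration. The train parameters (3 pulses of 12 bit times, 6-bit gaps, 1-bit tolerance), the sampling once per bit time, the trace voltages and all identifiers are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define REF_HIGH_V 8.5 /* comparator 15 reference, from the description */
#define REF_LOW_V  7.5 /* comparator 16 reference, from the description */

typedef enum { LV_BELOW, LV_WINDOW, LV_ABOVE } level;

/* Hypothetical train parameters in bit times; the page gives no values. */
typedef struct {
    unsigned pulses, pulse_bits, gap_bits, tol_bits;
} train_spec;

static level classify(double u)
{
    if (u > REF_HIGH_V) return LV_ABOVE;
    return u > REF_LOW_V ? LV_WINDOW : LV_BELOW;
}

static bool within(size_t len, unsigned nominal, unsigned tol)
{
    return len + tol >= nominal && len <= (size_t)nominal + tol;
}

/* Scan per-bit-time samples of wire 10b; true once the whole train,
 * including the end of its last pulse, has been observed. */
static bool detect_train(const double *u, size_t n, const train_spec *s)
{
    unsigned seen = 0;  /* valid pulses accepted so far */
    bool gap_ok = true; /* the gap before the next pulse was valid */

    for (size_t i = 0, j; i < n; i = j) {
        level lv = classify(u[i]);
        for (j = i; j < n && classify(u[j]) == lv; j++)
            ; /* [i, j) is one segment at a constant level */
        size_t len = j - i;

        if (lv == LV_WINDOW) {
            /* A pulse still running at the end of the trace has an
             * unknown duration, so it is not accepted. */
            if (gap_ok && j < n && within(len, s->pulse_bits, s->tol_bits)) {
                if (++seen == s->pulses)
                    return true;
                gap_ok = false; /* a timed gap must follow */
                continue;
            }
        } else if (lv == LV_BELOW) {
            if (seen == 0)
                continue; /* idle time before the first pulse */
            gap_ok = within(len, s->gap_bits, s->tol_bits);
            if (gap_ok)
                continue;
        }
        /* Wrong pulse length, wrong gap length or over-voltage: restart. */
        seen = 0;
        gap_ok = true;
    }
    return false;
}

/* Constructed trace: 5 idle bits, then `pulses` 8 V pulses, each followed
 * by a 3.5 V gap. Returns the number of samples written. */
static size_t make_train(double *buf, unsigned pulses, unsigned pulse_bits,
                         unsigned gap_bits)
{
    size_t n = 0;
    for (unsigned k = 0; k < 5; k++) buf[n++] = 3.5;
    for (unsigned p = 0; p < pulses; p++) {
        for (unsigned k = 0; k < pulse_bits; k++) buf[n++] = 8.0;
        for (unsigned k = 0; k < gap_bits; k++) buf[n++] = 3.5;
    }
    return n;
}

int main(void)
{
    const train_spec spec = {3, 12, 6, 1}; /* constructed values */
    double t[256];
    size_t n = make_train(t, 3, 12, 6);
    printf("valid train       : %d\n", detect_train(t, n, &spec));
    n = make_train(t, 1, 40, 6);
    printf("single long pulse : %d\n", detect_train(t, n, &spec));
    n = make_train(t, 3, 12, 10);
    printf("gaps too long     : %d\n", detect_train(t, n, &spec));
    return 0;
}
```

A single long pulse at the right voltage, which would satisfy a plain window detector, is rejected here because its duration does not match the train.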

The authorisation code could, for different configurations of computer networks or car models, be unique for each node configuration in the computer network. The diagnostic equipment could have several authorisation codes stored, and during establishment of connection authorisation codes could be tested until communication is established. The authorisation code used for successful connection of communication could then be used as identifier for the configuration of the computer network, and a diagnostic routine adapted for the computer network could be launched automatically.



The authorisation code (i.e. the initiating message) could preferably be initiated manually by activation of a function or start button on the diagnostic equipment. Alternatively the authorisation code could be sent automatically when mechanical contacts or sensors in the connector 2 detect a physical connection of the connector 2 with the terminal 3.

In yet another embodiment (not shown) the evaluation circuit 12 could be modified such that it is able to transmit as well as receive messages on the communication bus. In order to improve authorisation access control further, a verification of correct diagnostic equipment could be implemented in steps, exchanging messages between the diagnostic equipment and the evaluation circuit 12.

The invention could also be implemented in distributed computer networks having nodes 20a-20c continuously connected to power supply 32. In such a configuration the relay 13 could be deactivated using a unique deactivation message. This deactivation message could be initiated by the nodes in the distributed computer network or by the diagnostic equipment autonomously.

The embodiments shown in figures 3 and 4 do not show any details of signal conditioning components, which by way of example transform the battery voltage to a supply voltage compatible with the signal/logical level of individual components in the logic. In the embodiments shown it is assumed that the battery/system voltage corresponds to a logical representation of a "1", and voltage" condition corresponds to a logical representation of a "0", unless an inverting function is implemented which would reverse the logical representation.

The invention is not limited to the embodiments shown, and could be modified within the scope of the invention as defined by the enclosed claims.

The embodiment shown in figure 4, with detection of the authorisation code by software control, could alternatively be replaced by a hardware masking procedure, designed in hardware and thus not needing any non-volatile memory. In the embodiment shown in figure 4 the authorisation code could be altered by changing the authorisation code stored in the memory 23, which memory means conventionally is denoted as a software-masking procedure when used to detect messages sent on the communication bus.



1. Safety device for a diagnostic terminal (3) in distributed computer networks (8) containing at least two nodes and a common communication bus (10a,10b) for the computer network, preferably implemented in vehicles, which diagnostic terminal enables connection of an external diagnostic equipment (1) to different distributed nodes (20a,20b,20c) within the computer network, wherein said diagnostic terminal includes a first set of contact pins (3a,3b) for a direct access to at least one communication bus (10a,10b), which communication bus transmits data between the distributed nodes within the computer network during operation thereof, characterised in
- that in-between the first set of contact pins (3a,3b) and the communication bus (10a,10b) are arranged relay switches (14a,14b/13a,13b) which relay switches in a first stable position disconnect the connection between the first set of contact pins (3a,3b) and the communication bus (10a,10b),
- that the external diagnostic equipment includes signal transmitting circuits (5,6,6a/5') which signal circuits during connection of the diagnostic equipment apply a predetermined and unique signal state on a second set of contact pins (2a,2b), which second set of contact pins are compatible with the first set of contact pins and when the diagnostic equipment is connected will connect the first and second set of contact pins together,
- that a signal evaluation circuit (12) is connected to the first set of contact pins (3a,3b) and arranged to enable detection of the signal state at the first set of contact pins and when a predetermined signal state occurs will switch over the relay switches (14a,14b/13a,13b) to a second stable position, which second stable position will close the connection between the first set of contact pins and the communication bus, whereby the external diagnostic equipment connected to the diagnostic terminal obtains direct access to the communication bus.

2. Safety device for diagnostic terminals in distributed computer networks (8) according to claim 1, characterised in that the relay contacts (14a,14b) are switched over by a relay (13) activated by the signal evaluation circuit (12).

3. Safety device for diagnostic terminals in distributed computer networks (8) according to claim 1, characterised in that the relay contacts are realised by semiconductor switches (13a,13b), offering a low-resistance two-way communication via the relay contacts.

4. Safety device for diagnostic terminals in distributed computer networks (8) according to claim 2 or 3, characterised in that the signal evaluation circuit (12) includes a detection device (15,16,17a-17c,18) which detection device, dependent on a specific voltage level within a predetermined voltage range and applied on at least one of the contact pins (3a,3b), will activate the relay contacts (14a,14b/13a,13b).

5. Safety device for diagnostic terminals in distributed computer networks (8) according to claim 4, characterised in that the signal evaluation circuit includes at least two comparators (15,16) each comparing the voltage applied on at least one of the contact pins (3a,3b) with a first and second reference voltage respectively, which first and second reference voltages are obtained from a voltage divider (17a-17c).

6. Safety device for diagnostic terminals in distributed computer networks (8) according to claim 5, characterised in that the diagnostic equipment includes signal circuits (6,6a,7a,7b) which signal circuits during activation thereof during at least a predetermined time interval will apply a voltage within the predetermined voltage range at the contact pin of concern, when the connector (2) of the diagnostic equipment is connected to the diagnostic terminal (3).

7. Safety device for diagnostic terminals in distributed computer networks (8) according to claim 2 or 3, characterised in that the signal evaluation circuit (12) consists of
- an interface (21) capable of detection of at least one initiating message sent on the communication bus, which initiation message in essential parts is compatible with the communication protocol used for messages sent on the communication bus but unique in relation to any other type of message being sent on the communication bus,
- a memory (23), preferably a non-volatile memory, which memory contains a unique authorisation code for the configured computer network in question,
- a comparison circuit (2) able to compare the initiation message applied at the contact pins of the diagnostic terminal of the communication bus with the authorisation code stored in the memory, and by matching between the initiation message and the authorisation code stored in the memory (23) will establish a direct access from the diagnostic terminal (3) to the communication bus by switching the relay contacts (13a,13b) to a closed position.